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[Name of the Document] Specification 
[Title of the Invention] Communication Apparatus, 
Method and Memory Medium Therefor 
[Claim (s) ] 

[Claim 1] A communication apparatus for 
transferring data received from a first network to a 
second network, the apparatus comprising: 

first discrimination means for discriminating the 
destination information of said received data; 

second discrimination means for discriminating the 
secrecy level information of said received data; and 

control means for executing the transfer of said 
received data, according to the result of 
discrimination by said first and second discrimination 
means . 

[Claim 2] The communication apparatus according 
to claim 1, wherein said control means transfers said 
received data with encryption, according to the 
discrimination by at least either of said first and 
second discrimination means. 

[Claim 3] The communication apparatus according 
to claim 1, wherein said secrecy level information 
includes whether said received data are confidential 
data . 

[Claim 4] The communication apparatus according 
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to claim 1, wherein said control means transfers said 

received data to the destination by e-mail, according 

to the discrimination by at least either of said first 

and second discrimination means. 
5 [Claim 5] The communication apparatus according 

to claim 1, wherein said control means stores said 

received data in a predetermined memory, according to 

the discrimination by at least either of said first and 

second discrimination means, 
10 [Claim 6] The communication apparatus according 

to claim 1, wherein said destination information 

includes whether encryption information corresponding 

to said destination is provided. 

[Claim 7] The communication apparatus according 
15 to claim 1, wherein said destination information 

includes path information to the destination for said 

received data. 

[Claim 8] The communication apparatus according 

to claim 1, wherein said destination information 
20 includes whether the encryption information 

corresponding to the destination is within an effective 

period . 

[Claim 9] A communication method for transferring 
data received from a first network to a second network, 
25 the method comprising: 

a first discrimination step of discriminating the 
destination information of said received data; 
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a second discrimination step of discriminating the 
secrecy level information of said received data; and 

a control step of executing the transfer of said 
received data, according to the result of 
5 discrimination by said first and second discrimination 
steps . 

[Claim 10] A computer readable memory medium 
storing a program of a communication method for 
transferring data received from a first network to a 
10 second network, the program comprising: 

a first discrimination step of discriminating the 
destination information of said received data; 

a second discrimination step of discriminating the 
secrecy level information of said received data; and 
15 a control step of executing the transfer of said 

received data, according to the result of 
discrimination by said first and second discrimination 
steps . 

[Claim 11] A communication apparatus for 
20 transferring data received from a first network to a 
second network, the apparatus comprising: 

discrimination means for discriminating whether 
encryption information corresponding to the destination 
of said received data is present; and 
25 control means for executing control whether to 

transfer said received data with encryption based on 
the encryption information corresponding to said 
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destination, on to store said received data in a 

predetermined memory. 

[Claim 12] The communication apparatus according 

to claim 11, wherein said control means transmits, to 
5 said destination, a message indicating that said 

received data are stored in a predetermined memory. 

[Claim 13] The communication apparatus according 

to claim 11, wherein said encryption information is 

acquired from said destination. 
10 [Claim 14] The communication apparatus according 

to claim 11, wherein said control means executes said 

encryption according to the secrecy level of said 

received data. 

[Claim 15] The communication apparatus according 
15 to claim 11, wherein said control means is adapted, 

upon acquiring the encryption information from said 

destination, to encrypt the received data stored in 

said predetermined memory with said encryption 

information and to execute transfer to said destination. 
20 [Claim 16] The communication apparatus according 

to claim 11, wherein said control means executes said 

encryption according to the transfer path to said 

destination . 

[Claim 17] The communication apparatus according 
25 to claim 11, wherein said encryption information 
includes an effective period . 

[Claim 18] The communication apparatus according 
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to claim 17, wherein the effective period of said 
encryption information is renewable. 

[Claim 19] A communication method for 
transferring data received from a first network to a 
5 second network, the method comprising: 

a discrimination step of discriminating whether 
encryption information corresponding to the destination 
of said received data is present; and 

a control step of executing control whether to 
10 transfer said received data with encryption based on 
the encryption information corresponding to said 
destination, on to store said received data in a 
predetermined memory. 

[Claim 20] A computer readable memory medium 
15 storing a program of a communication method for 

transferring data received from a first network to a 
second network, the program comprising: 

a discrimination step of discriminating whether 
encryption information corresponding to the destination 
20 of said received data is present; and 

a control step of executing control whether to 
transfer said received data with encryption based on 
the encryption information corresponding to said 
destination, on to store said received data in a 
25 predetermined memory. 

[Detailed Description of the Invention] 
[0001] 
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[Field of the Invention] 

The present invention relates to a communication 
apparatus suitable for transferring the received secret 
data . 
5 [0002] 

[Prior Art] 

Owing to the recent remarkable popularization of 
the internet, the facsimile device which has executed 
communication only through the public network is now 
10 becoming to be connected to a computer network such as 
a LAN (local area network) . 
[0003] 

Such facsimile device adaptable to multi lines, 
connectable to the public network and the LAN, upon 
15 receiving image data from another facsimile device 

through the public network, transfers such image data 

to a server computer through the LAN. 

[0004] 

The user acquires the image data by accessing to 
20 the server computer from a client computer. The 

acquired image data can displayed and viewed on a CRT 
by a predetermined viewer software. Otherwise the 
image data can be printed and observed by a printer 
connected to the client computer. 
25 [0005] 

In the facsimile communication, there is known a 
confidential function. In such function, the facsimile 
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apparatus does not immediately print the image received 
under the designation of a confidential transmission 
but stores the image in a memory, and prints such image 
from the memory in response to the input of a 
5 predetermined password. Thus the image can be viewed 
only by the user who knows the confidential password. 
[0006] 

[Problem to be Solved by the Invention] 

However, as the conventional facsimile device 

10 described above is not provided with a configuration 
for transferring the confidential image, the intended 
recipient user of the confidential image has to go to 
the location of such facsimile device and to have the 
confidential image to be printed by the entry of the 

15 password- 
[0007] 

[Means for Solving the Problem] 

In order to solve the above-mentioned problem, the 
present invention provides a communication apparatus 

20 for transferring data received from a first network to 
a second network, the apparatus comprising first 
discrimination means for discriminating the destination 
information of the received data; second discrimination 
means for discriminating the secrecy level information 

25 of the received data; and control means for executing 
the transfer of the received data, according to the 
result of discrimination by the first and second 



discrimination means . 
[0008] 

Furthermore, in order to solve the above-mentioned 
problem, the present invention provides a communication 
apparatus for transferring data received from a first 
network to a second network, the apparatus comprising 
discrimination means for discriminating whether 
encryption information corresponding to the destination 
of the received data is present; and control means for 
executing control whether to transfer the received data 
with encryption based on the encryption information 
corresponding to the destination, or to store the 
received data in a predetermined memory. 
[0009] 

[Embodiment (s) ] 

Now the present invention will be clarified in 
detail by preferred embodiments thereof, with reference 
to the accompanying drawings. 

[0010] 

Fig. 1 is a block diagram showing the 
configuration of a communication apparatus of the 
present invention, wherein shown are a CPU 101 for 
controlling the entire apparatus, a ROM 102 storing 
control programs to be executed by the CPU 101, and a 
RAM 103 constituting a temporary storage area for the 
data. A part of the RAM is constructed as a non- 
volatile memory backed up by a battery or the like, and 
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serving to store data to be retained even after the 
power supply of the apparatus is turned off, such as 
registration data and management tables required in the 
present embodiment. Such non-volatile memory may also 
5 be replaced by a hard disk. 
[0011] 

There are also provided an IPO 104 for data 
input/output with external circuits, an operation panel 
105 controlled by the PIO 104, a compression circuit 

10 106 for compressing data, a decompression circuit 107 
for decompressing the data, a modulation circuit 108 
for converting data into an analog signal of audible 
range for transmission to a public network 202, a 
demodulation circuit 109 for demodulating the analog 

15 signal, received from the public network 202, into a 
digital signal, a modem 110 consisting of the 
modulation circuit 108 and the demodulation circuit 109, 
an NCU 111 for connecting the present apparatus with 
the public network 202, a LAN controller 112 relating 

20 to the protocol for transmitting the signal to the LAN, 
a LAN connection circuit 113 to be used for matching 
the level of the signal in the present apparatus with 
that on the NCL, and a CPU bus 114 to be used for the 
control by the CPU 101. 

25 [0012] 

Fig. 2 illustrates a network system to which the 
communication apparatus 201 of the present invention is 



connected. Referring to Fig. 2, the communication 
apparatus 201 is connected to a public network 202 and 
a LAN 203. On the LAN 203, there are connected a 
server computer 205 to be used for example for storing 
the received image data, and a client computer 206 
capable of information exchange with the server 
computer 205. The server computer 205 is provided with 
e-mail server functions such as SMTP server function 
and POP server function, and is so constructed as to be 
capable of exchanging e-mail with the communication 
apparatus 201, the client computer 206 and other 
unrepresented terminals. The communication apparatus 
201 and the client computer 206 are naturally provided 
with an e-mail client function. 
[0013] 

The communication apparatus 201 executes facsimile 
communication with the facsimile device 204 through the 
public network 202. 
[0014] 

<First embodiment> 

In a configuration where the communication 
apparatus 201 transmits image data received from the 
public network 202 to the server computer 205 for 
storage in a predetermined area, the first embodiment 
selectively executes the encryption of the image data 
according to whether the received image data represent 
a confidential image. 
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[0015] 

In case the received image data represent a 
confidential image, the image data are encrypted by a 
predetermined method and stored thereby being rendered 
5 observable only by a specified user. Thus the received 
confidential image can be transferred while the 
confidentiality of the data are retained. 
[0016] 

In the following there will be explained the 
10 function of the communication apparatus 201 of the 
present embodiment, with reference to a flow chart 
shown in Fig. 3. The sequence is started after the 
power supply to the communication apparatus 201 is 
turned on (step S301) and there is entered a state of 
15 awaiting a call reception from the public network 202 
(step S302) . If a call is made from the facsimile 
device 204 while the call reception is awaited, the 
call reaches and is received by the communication 
apparatus 201 through the public network 202. When the 
20 call is detected by the CPU 101 and the NCU 201, the 
call is established by the NCU 111. 
[0017] 

Then there is entered a phase B based on the ITU-T 
recommendation T.30 for executing a training for 
25 exchanging the information on communication ability and 
investigating the quality of the communication line 
(hereinafter represented as pre-communication) . In the 
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pre-communication (step S303) , there are informed 
information such as the aforementioned sub-address (by 
SUB signal in ITU-T T.30), a password (by PWD signal in 
ITU-T TT-30) in case of a confidential image, a 
5 confidential box number etc. Such information are. 

temporarily stored in the RAM 103 of the communication 

apparatus 201. 

[0018] 

After the pre-communication (step S303) , there is 
10 executed reception of image data (step S304). The 

image signal transmitted through the public network 202 
is fetched into the communication apparatus 201 through 
the NCU 111, then returned to the original image data 
through the demodulation circuit 109 of the MODEM 110 
15 and by the decompression circuit 107, and stored in a 
predetermined data format (which may be compressed 
data) in the RAM 103 by the CPU 101. Such receiving 
operation is repeated until an end notice arrives from 
the transmitting side (step S305) . 
20 [0019] 

After the reception of the image data, there is 
discriminated whether the image is a confidential image 
by reading the information stored in the aforementioned 
RAM 103 (step S306) . This discrimination may be made 
25 by whether the aforementioned PWD signal is received, 
or by whether the use of the confidential function is 
designated on a protocol signal such as the NSS signal. 
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[0020] 

In case the image data represent a confidential 
image, the image data stored in the RAM 103 are read by 
the CPU 101 and the encrypted (step S307). The 
5 communication apparatus 201 executes encryption by an 

encryption key corresponding to the server computer 205. 
[0021] 

The encrypted image data are transmitted to the 
LAN controller 112, and to the LAN 203 through a LAN 

10 connection circuit 113, thereby transferring to the 
server computer 205 (step S308) . Also the CPU 101 
transmits the password and the confidentiality box 
number obtained in the pre-communication (step S303) to 
the server computer 205, whereupon the communication 

15 apparatus 201 terminates the sequence (step S409) . 
[0022] 

In case the step S306 identifies that the image 
data do not represent a confidential image, the 
encrypting step S307 is skipped and the image data are 
20 transferred without encryption to the server computer 
205 (step S308) whereupon the communication apparatus 
201 terminates the sequence (step S309) . 
[0023] 

Upon receiving the image data transferred in the 
25 step S308, the server computer 205 stores such image 

data as a file in a memory area thereof and transmits a 
reception notice to the client computer 206 of a 
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specified user based on the sub address. Such notice 

is made for example by e-mail. 

[0024] 

In case the image data do not represent a 
5 confidential image, the user receiving the notice 

manipulates the client computer 206 for acquiring the 
image data addressed to the user from the server 
computer 205 for example by downloading, thereby being 
enabled to acquire the image data as visible 
10 information, for example by display on the client 

computer 206 with an image viewer application or by 
printing with an unrepresented printer device. 
[0025] 

On the other hand, in case the image data 
15 represent a confidential image so that the image data 
stored in the server computer 205 are encrypted, it is 
necessary to transmit a password corresponding to the 
confidentiality box number to the server computer 205 
when the client computer 206 downloads the image data 
20 from the server computer 205. Only in case the server 
computer 205 judges that the password is proper, it 
transmits the decrypted image data to enable viewing 
thereof on the client computer 206. 
[0026] 

25 <Second embodiment> 

In a configuration where the communication 
apparatus 201 transmits image data received from the 
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public network 202 to the server computer 205 for 
storage in a predetermined area, the second embodiment 
does not execute such storage but transfers the image 
data to the designated destination by e-mail in case 
5 the received image data represent a confidential image. 
[0027] 

In case the received image data represent a 
confidential image, the image data are directly e-mail 
transferred to the destination without storage in the 
10 memory of the server computer 205, whereby the received 
confidential image can be transferred while the 
confidentiality of the data are retained. 
[0028] 

In the following there will be explained the 
15 function of the communication apparatus 201 of the 
present embodiment, with reference to a flow chart 
shown in Fig. 4. As the process of steps S401 to S405 
have already been explained in the step S301 to S305 of 
the foregoing first embodiment, the sequence will be 
20 explained in the following from a step S406. 
[0029] 

At first there is discriminated whether the image 
data received in the step S405 represents a 
confidential image, by reading the information stored 
25 in the aforementioned FIAM 103 (step S406) , and, if a 
confidential image is represented, the CPU 101 reads 
the image data stored in the RAM 103 and converts the 
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image data into an image format (JPEG, GIF etc.) 
developable by the client computer 206 (step S407) . 
Then the CPU 101 specifies the client computer 206 at 
the address of transfer by the sub address, and sends 
5 an e-mail (step S408) . In this operation, the image 
data converted to the image format is attached to the 
e-mail, whereby realized is the delivery of the 
confidential image to the specified user by e-mail. 
After the transmission of the e-mail to which attached 
10 are the image data converted in to the image format, 

the communication apparatus 201 terminates the sequence 

(step S409) . 

[0030] 

In case the step S406 identifies that the received 
15 image data do not represent a confidential image, the 
image data are transferred to the server computer 205 
(step S410) whereupon the communication apparatus 201 
terminals the sequence (step S409) . The server 
computer 205 stores such image data as a file in a 
20 memory area thereof and transmits a reception notice to 
the client computer 206 of a specified user based on 
the sub address (step S411) . Such notice is made for 
example by e-mail. Upon receiving the notice, the user 
manipulates the client computer 206 for acquiring the 
25 image data addressed to the user from the server 

computer 205 for example by downloading, thereby being 
enabled to acquire the image data as visible 
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information, for example by display on the client 
computer 206 with an image viewer application or by 
printing with an unrepresented printer device. 
[0031] 

5 <Third embodiment> 

In transferring the received confidential image by 
e-mail, the third embodiment selectively executes 
encryption based on whether a public key of the 
destination of transfer is acquired. 
10 [0032] 

More specifically, in case the communication 
apparatus 201 has acquired the public key of the 
destination of transfer of the confidential image, the 
received image data are transferred by an e-mail 

15 encrypted with such public key. In case the 

communication apparatus 201 has not acquired the public 
key of the destination of transfer of the confidential 
image, such confidential image is not transferred but 
is stored in a memory box managed by the communication 

20 apparatus 201, and an e-mail only describing that the 

received confidential image is stored in the memory box 

is transmitted to the destination of transfer. 

[0033] 

In the public key system, the encrypting key at 
25 the transmitting side is different from the decrypting 
key at the receiving side, in which one of the keys 
made public (public key) while the other is maintained 
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secret (secret key) . The user, receiving a 
confidential image encrypted with his public key, can 
view the confidential image by decryption with the 
secret key held by the user only. 
5 [0034] 

In this manner it is rendered possible to prevent 
unexpected disclosure of the confidential image without 
encryption onto the LAN, thereby maintaining the 
confidentially of the confidential image. 
10 [0035] 

Fig. 6 shows a management table held by the 
communication apparatus 201 and storing the 
correspondence between the sub address data and the e- 
mail addresses of the destinations of transfer. The 
15 table stores the e-mail addresses of the destinations 

of data and the confidentiality box numbers for the sub 

address data 601 in mutual correspondence. 

[0036] 

Fig. 7 shows, in the form of a table, the data 
20 structure of an address notebook in the e-mail client 
function of the communication apparatus 201. As shown 
in Fig. 7, for each address, there are shown a 
destination name 701, an e-mail address 702 and 
information 703 whether the public key of such 
25 destination is obtained. The public key data are 

acquired in advance from each destination through the 
LAN, or from a detachable memory medium by providing 
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the communication apparatus 201 with a function of 
connecting a device capable of driving such memory 
medium. The acquired public key data are stored as 
file data, and the acquired public key data and the 
5 destination are correlated in the address notebook 
through a predetermined procedure. 
[0037] 

Also in acquiring the public key, it is preferable 
also to confirm the appropriateness of the public key 
10 by receiving a certificate certifying that the public 
key is of the proper owner from a predetermined 
certifying organization and then to register the public 
key in the aforementioned address notebook, 
[0038] 

15 In the following the present embodiment will be 

explained with reference to Figs. 6 and 7. 
[0039] 

At first, when the sub address "0123" receives the 
designated image data from the public network 202, the 

20 e-mail address of the destination of transfer is 
converted into "aaa@xxx.xxx.com" based on the 
management table shown in Fig. 6, and the 
presence/absence of the public key is judged, based on 
the e-mail address of the destination of transfer in 

25 the address notebook shown in Fig. 7. 
[0040] 

In the example shown in Figs. 6 and 7, the 
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confidential images designated for the sub addresses 
"0123" and "8901" are respectively stored in the 
corresponding memory boxes "01" and "03" since the 
public keys are not acquired, and e-mails describing 
5 the storing confidentiality box number, the transmitter 
information and the time and date of reception as text 
data are transferred to the respective destinations 
"aaa@xxx . xxx . com" and "ccc@xxx . xxx . com" . 
[0041] 

10 The confidential image designated for the sub 

address "4567", for which the public key has been 
acquired, is encrypted with such public key and is 
transferred to the destination "bbb@xxx.xxx.com". 
[0042] 

15 Also in case the received image data do not 

represent a confidential image, the received image data 
are transferred by e-mail, without encryption, to the 
e-mail address of the destination corresponding to the 
sub address - 

20 [0043] 

Fig. 5 is a flow chart showing the function of the 
communication apparatus 201 in the present embodiment. 
As the process of steps S501 to S505 have already been 
explained in the step S301 to S305 of the foregoing 
25 first embodiment, the sequence will be explained in the 
following from a step S506. 
[0044] 
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At first a step S506 discriminates whether the 
image data received in the step S504 represent a 
confidential image, and, if not, the sequence proceeds 
to a step S512 for transmitting an e-mail with the 
5 received image data as an attachment to the e-mail 
address of the destination corresponding to the sub 
address received in the step S503. 
[0045] 

A step S507 discriminates, based on the management 
10 table shown in Fig. 6 and the address notebook shown in 
Fig. 7, whether the public key is correlated with the 
e-mail address corresponding to the sub address 
received in the step S503. If the public key is not 
correlated, the sequence proceeds to a step S510 for 
15 storing the received image data in a memory box 

corresponding to the sub address. Then a step S511 
transmits, to the e-mail address corresponding to the 
sub address, an e-mail describing, as text data, a 
message that the confidential image is stored in the 
20 memory box. An example of the message is "A 

confidential image is received in your memory box. 

Please come to receive it" . 

[0045] 

The receiver of the confidential image, receiving 
25 the e-mail describing the above-mentioned message, 

visits the location of the communication apparatus 201 
and enters a password corresponding to the memory box 
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from the operation panel 10, whereby the confidential 
image is outputted from the unrepresented printer- In 
this manner it is rendered possible to prevent 
unexpected disclosure of the confidential image without 
5 encryption onto the LAN, thereby maintaining the 
confidentiality of the confidential image. 
[0047] 

In case the step S507 identifies that the public 
key is correlated, the sequence proceeds to a step S508 

10 for encrypting the received image data with such public 
key, and then a step S509 transfers an e-mail with the 
confidential image encrypted in the step S509- An 
example of the encrypting method based on the public 
key is RSA (Rvert-Shamir-Adleman) system. 

15 [0048] 

The above-described process allows secure 
encryption in transferring the confidential image 
received from the public network through a LAN thereby 
enabling to maintain the confidentiality of the 
20 confidential image. 
[0049] 

Among the encryption systems, there is also known 
a common key system, in addition to the aforementioned 
public key system. In such common key system, the 
25 encrypting key at the transmitting side is same as the 
decrypting key at the receiving side. The transmitting 
side executes transmission by encrypting the 
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communication text (plaintext) by such encrypting key, 
and the receiving side decrypts the received text 
(encrypted text) with the same key. 
[0050] 

5 As the public key system generally requires a 

longer time in comparison with the common key system, 
because the encryption and the decryption are more 
complex, it is also possible to transfer data obtained 
by encrypting the confidential image by a common key 

10 generated by a predetermined algorithm and data 

obtained by encrypting such common key by the public 
key of the destination of transfer. An encryption 
system based on the common key is DES (data encryption 
standard) system. 

15 [0051] 

< Fourth embodiment > 

In the foregoing third embodiment, the receiver of 
the confidential image stored in the memory box in the 
step S510 is assumed to visit the communication 

20 apparatus 201 for obtaining the printed output. In the 
present embodiment, after the confidential image is 
stored in the memory box, in response to the 
registration of the public key of the destination of 
transfer of the confidential image in the 

25 aforementioned address notebook, such confidential 

image is automatically encrypted with such public key 
and transferred to the destination. 
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[0052] 

Consequently the receiver of the confidential 
image, without visiting the location of the 
communication apparatus 201, can acquire the 
5 confidential image stored in the memory box, by causing 
the system manager to register the public key or by 
sending the public key to the communication apparatus 
201 through the LAN 2 03, 
[0053] 

10 In the following the function of the communication 

apparatus 201 in the present embodiment will be 
explained with reference to a flow chart shown in Fig. 
9, which is a modification of the flow chart of the 
third embodiment and in which any step of a number same 

15 as in the third embodiment has a same content. In the 
following there will only be explained steps of which 
processes are different from the third embodiment. 
[0054] 

At first, after the process of the step S511 in 
20 Fig. 10, there is executed, at a predetermined interval, 
a process of discriminating whether the public key of 
the destination corresponding to the confidential image 
stored in the memory box is registered in the address 
notebook (a loop process consisting of steps SlOOl and 
25 S1002), and if the step SlOOl detects the affirmative 
discrimination in such loop process, the sequence 
proceeds to a step S508 for transferring the 
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confidential image with encryption by the registered 
public key. 
[0055] 

Also the message to be transmitted in the step 
5 S511 can be, for example, "A confidential image is 
received in your memory box. The confidential image 
will be encrypted and transmitted if you sends your 
public key" . 
[0056] 

10 <Fifth embodiment> 

The foregoing third embodiment does not execute 
the image transfer unless the public key of the 
destination is acquired, but, in the present embodiment, 
the encrypted transfer is executed depending on the 

15 security of the transfer path. More specifically, in 
the transfer through the LAN 203, there is 
discriminated whether the public key of the destination 
of transfer is acquired or not only in case the 
security of the transfer path is not ensured, and, if 

20 the public key is discriminated to be present, the 

confidential image is encrypted and transferred, but, 
if absent, the confidential image is stored in the 
memory box and a message indicating such image storage 
alone is transmitted to the destination. Also in case 

25 the security of the transfer path is ensured, the 

confidential image is transferred to the destination 
regardless whether the public key of the destination of 
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transfer is acquired or not. 
[0057] 

In this manner the process relating to the public 
key data can be dispersed with for the destinations 
5 within a domain with ensured security such as an 
intranet, whereby the process of registered data 
management in the communication apparatus 201 can be 
alleviated . 
[0058] 

10 In the following the function of the communication 

apparatus 201 in the present embodiment will be 
explained with reference to a flow chart shown in Fig. 
10, which is a modification of the flow chart of the 
third embodiment shown in Fig. 5, and in which any step 

15 of a number same as in the third embodiment has the 
same content. In the following there will only be 
explained steps of which processes are different from 
the third embodiment. 
[0059] 

20 At first, if the step S506 identifies that the 

received image data represent a confidential image, the 
sequence proceeds to a step SllOl. A step SllOl judges 
the security of the transfer path to the destination of 
transfer corresponding to the sub address received in 

25 the step S503, and, if the transfer path is judged 
secure, the sequence proceeds to a step S512 for 
transferring the confidential image to the destination. 
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[0060] 

On the other hand, if the transfer path is judged 
not secure, the sequence proceeds to a step S507 for 
determining whether to transfer the confidential image 
5 or to store it in the memory box, according to the 

presence or absence of the public key. The judgment of 
the security of the transfer path in the step SllOl can 
be made, for example, by the domain of the e-mail 
address of the communication apparatus 210 and the 
10 domain of the e-mail address of the destination of 
transfer . 
[0061] 

Such judgment will be explained in more detail 
with reference to Figs. 6 and 7. As explained in the 
15 foregoing, the communication apparatus 201 is provided 
with an e-mail client function, for example with an e- 
mail account "fax@xxx.xxx.com". 
[0062] 

Consequently, in the example of the address 
20 notebook data shown in Fig. 7, the destinations aaa, 

bbb and ccc are in the same domain "xxx . xxx . com" of the 
communication apparatus 201 while the destinations ddd 
and eee are in domains different from that of the 
communication apparatus 201. 
25 [0063] 

Therefore, for the destinations of transfer 
belonging to the domain of the communication apparatus 
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201, the confidential image is transferred by the e- 
mail regardless whether the public key is registered in 
the address notebook. 
[0064] 

5 For the destination in a domain different from 

that of the communication apparatus 201, the transfer 
is executed according to whether the public key is 
registered in the address notebook. More specifically, 
since the public key is not registered for the 

10 destination ddd, the confidential image for the 

destination ddd is stored in the memory box and the e- 
mail describing only a message indicating the storage 
of the confidential image in the memory box is 
transmitted to the destination ddd. Also as the public 

15 key is registered for the destination eee, the e-mail 
with the confidential image encrypted with the public 
key is transmitted to the destination eee. 
[0065] 

The domain name has a hierarchic layered structure 
20 punctuated by dots, and the judgment of a same domain 
by the coincidence of a number of hierarchic layers 
starting from the first layer "com" depends on the 
security policy of the network system. For example the 
transfer path may be judged secure by the coincidence 
25 up to the second hierarchic layer "xxx.com". 
[0066] 

In the foregoing there has been explained the 
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judgment based on the domain name, but the security may 
also be judged by whether the sub net of the IP address 
of the destination of transfer is within a 
predetermined sub net. 
5 [0067] 

<Sixth embodiment> 

Certain public keys are rendered effective only 
during a period, in order to improve the security- The 
present embodiment utilizes such public key as will be 
10 explained in the following with reference to Fig. 11. 
[0068] 

A flow chart shown in Fig. 11 is a modification of 
the flow chart of the third embodiment shown in Fig. 5, 
and any step of a number same as in the third 
15 embodiment is same the content. In the following there 
will only be explained steps of which processes are 
different from the third embodiment. 
[0069] 

At first, if the step S506 identifies that the 
20 received image data represent a confidential image, a 
step S507 discriminates, based on the management table 
shown in Fig, 6 and the address notebook shown in Fig. 
7, whether the public key is correlated with the e-mail 
address corresponding to the sub address received in 
25 the step S503. 
[0070] 

If the step S507 identifies that the public key is 
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not correlated, a step S1201 discriminates whether the 
public key is within an effective period. 
[0071] 

In the step S1201 identifies that the public key 
5 is within the effective period, a step S508 encrypts 

the received image data with the public key, and a step 
S509 transmits an e-mail with thus encrypted 
confidential image. 
[0072] 

10 If the step S1201 identifies that the effective 

period of the public key has expired, a step S510 
stores the received image data in the memory box 
corresponding to the sub address and a step S511 
transmits, to the e-mail address corresponding to the 

15 sub address, an e-mail describing, as the text data, a 
message that the confidential image is stored in the 
memory box. Such message can be, for example, 
"Effective period of the public key has expired. A 
confidential image is received in your memory box. 

20 Please come to receive it". 
[0073] 

It is also possible, in response to the renewal of 
the effective period of the public key, to 
automatically encrypt the confidential image with such 
25 public key and transfer the encrypted image to the 
destination. 
[0074] 
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The function of the communication apparatus 201 in 
such case will be explained with reference to a flow 
chart shown in Fig. 12, which is a modification of the 
flow chart of the third embodiment, and in which any 
5 step of a number same as in the third embodiment has a 
same content. In the following there will only be 
explained steps of which processes are different from 
the third embodiment. 
[0075] 

10 At first, after the process of the step S511 in 

Fig. 12, a step S1304 executes, at a predetermined 
interval, a process of discriminating whether the 
effective period of the public key of the destination 
corresponding to the confidential image stored in the 

15 memory box is renewed (a loop process consisting of 

steps S1302 and S1303) , and if the step S1302 detects 
the affirmative discrimination in such loop process, a 
step S1301 discriminates whether the renewed period is 
effective . 

20 [0076] 

If the step S1301 identifies that the public key 
is within the effective period, a step S508 encrypts 
the received image data with such public key, and a 
step S509 transfers the encrypted confidential image by 
25 the e-mail. 
[0077] 

Also the message to be transmitted in the step 



- 32 - 



S511 can be, for example, "The effective period of the 
public key has expired. A confidential image is 
received in your memory box. The confidential image 
will be encrypted and transmitted if you renew the 
5 effective period of your public key". 
[0078] 

In the foregoing there has been explained a case 
of renewing the effective period of the public key, but 
it is also possible to encrypt and transfer the 
10 confidential image stored in the memory box in response 
to the new acquisition of a public key in the effective 
period from the destination of transfer. 
[0079] 

< Seventh embodiment > 

15 The foregoing embodiments have been explained by 

the function of a single equipment constructed as the 
communication apparatus, but the present invention may 
also be applied to a system consisting of plural 
equipment such as a personal computer, a modem, a 

20 scanner, a printer etc. The configuration of such 

system will be briefly explained with reference to Fig. 
8. Referring to Fig. 8, a personal computer (PC) 801 
is connected to a scanner 801, a printer 803 and a 
modem 804 (which may be incorporated in the PC 802) 

25 through a predetermined interface. The PC 802 is also 
connected to a public network 202 through the modem 804 
and to a LAN 203 through an unrepresented LAN board. 
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[0080] 

The interface connecting the PC 802 with the 
scanner 801, printer 803 and modem 804 may be a network 
interface through the LAN 203, but is preferably a 
5 local interface separated from the LAN 203, such as USB, 
in order to handle the secret data such as the 
confidential image . 
[0081] 

In the following there will be explained the 
10 receiving operation in this system. At first, a signal 
transmitted from the public network 202 is fetched into 
the modem 805 through a NCU unit incorporated therein. 
The modem 805 demodulates the analog signal to restore 
the digital data. The digital data are read by a 
15 computer 807 in which image data are restored by 

decompression of the compressed data and are supplied 
to a printer 808, which prints the image data. 
[0082] 

If the received image data are confidential, the 
20 data are stored in a memory box of a hard disk device 
incorporated in the PC 802, and, according to the 
aforementioned third embodiment, the confidential image 
is transferred with encryption by the public key to 
the destination of which the public key is acquired 
25 while the e-mail indicating the reception of the 

confidential image is transmitted to the destination of 
which the public key is not acquired. 
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[0083] 

In the foregoing first to seventh embodiments, 
there has been explained a configuration in which the 
sub address received from the transmitting side in 
5 converted by the communication apparatus of the present 
invention into the e-mail address, but the e-mail 
address of the destination of transfer may be directly 
set in the sub address from the transmitting side. 
[0084] 

10 Also in the foregoing embodiments, there has been 

explained a case of transferring the image data, 
received from the public network 202, to the client 
device on the LAN 203, but such configuration is not 
restrictive and there may be assumed a configuration in 

15 which the LAN 203 is connected to the internet through 
a predetermined access point and the image data 
received from the public network 202 is transferred 
through the internet. The present invention is 
suitable for the communication through the internet 

20 since the security is considered important in such 
communication . 
[0085] 

The present invention is also applicable to a case 
in which the image data received from the public 
25 network is transferred by dial-up connection to the 

access point of the internet from the public network. 
[0086] 



Also the present invention is naturally applicable 
to a case where the present invention is realized by 
the supply of a program to a system or an apparatus. 
In such case, the objects of the present invention can 
be attained by a computer (PCU or MPU) of such system 
or apparatus, reading and executing the program codes 
stored in a memory medium and realizing the present 
invention . 
[0087] 

Also the present invention naturally includes a 
case where, in executing the read program codes by the 
computer, an OS (operating system) functioning on the 
computer executes a part of the processes. 
[0088] 

[Effect of the Invention] 

As explained so far, according to the present 
invention, a confidential image received from the 
public network is encrypted and stored in the server 
computer onto a LAN, so that any user other than the 
specified client cannot easily view the confidential 
image- This makes it possible to deliver the 
confidential image to the client onto the LAN while the 
confidentiality is retained. 
[0089] 

Also, according to the present invention, since a 
confidential image received is transmitted to a user, 
who is a receiver of the image, by attaching the image 
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to an e-mail, it becomes unnecessary for the user to go 
to the communication apparatus and print the 
confidential image so that the user' s operational load 
can be reduced substantially. 
5 [0090] 

According to the present invention, if an 
encryption key of the destination is retained, the 
image is transferred after encrypting by the encryption 
key and if not, the image is stored in a specified 
10 memory box, so that it is rendered possible to prevent 
unexpected disclosure of the confidential image without 
encryption onto the LAN. 
[0091] 

According to the present invention, if it is 
15 detected that the encryption key of the destination of 
the confidential image is registered after the 
confidential image is stored in the memory box, the 
confidential image is automatically encrypted by the 
public key and transferred to the destination, so that 
20 there is no need for the user to go to the apparatus to 
receive the confidential image. 
[0092] 

According to the present invention, the image is 
encrypted and transferred based on security of the 
25 transfer path, so that for the transfer within the 

network whose security is assured, there is no need to 
exchange the encryption key, thereby reducing the 
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burden of an apparatus administrator. 
[0093] 

According to the present invention^ if the 
encryption key of the destination is within an 
5 effective period, the image is transferred after 

encrypting by this encryption key so that the encrypted 
confidential image can be transferred by highly 
reliable encryption key. 
[Brief Description of the Drawings] 
10 [Fig. 1] A view showing the configuration of a 

communication apparatus constituting a first embodiment 
of the present invention. 

[Fig. 2] A view showing a network system in the 
first embodiment of the present invention. 
15 [Fig. 3] A flow chart showing the function of the 

communication apparatus of the first embodiment of the 
present invention . 

[Fig. 4] A flow chart showing the function of the 
communication apparatus in a second embodiment of the 
20 present invention. 

[Fig. 5] A flow chart showing the function of the 
communication apparatus in a third embodiment of the 
present invention . 

[Fig. 6] A view showing the data structure of a 
25 management table indicating the correspondence between 
sub addresses and electronic mail addresses in the 
third embodiment of the present invention. 
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[Fig. 7] A view showing the data structure of an 
address notebook in the third embodiment of the present 
invention . 

[Fig. 8] A view showing the configuration of a 
5 communication system in a sixth embodiment of the 
present invention . 

[Fig. 9] A flow chart showing the function of the 
communication apparatus in a fourth embodiment of the 
present invention . 
10 [Fig. 10] A flow chart showing the function of 

the communication apparatus in a fifth embodiment of 
the present invention. 

[Fig. 11] A flow chart showing the function of 
the communication apparatus in a sixth embodiment of 
15 the present invention. 

[Fig. 12] A flow chart showing the function of 
the communication apparatus in a sixth embodiment of 
the present invention. 
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20 201 Communication apparatus 
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Public network 
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Facsimile device 



205 



Server computer 



25 



206 
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[Name of the Document] Abstract 
[Abstract] 

[Problem(s)] An object of the present invention is to 
provide a communication apparatus capable of 
5 transferring the received confidential image to a 
predetermined destination while maintaining its 
confidential character, and a method and a memory 
medium therefor. 

[Means for Solving the Problem(s)] The invention 

10 provides a communication apparatus for transferring 

data received from a first networlc to a second network, 
in which the apparatus judges the destination of 
transfer of the received data and the secrecy level of 
the received data, and executes the transfer of the 
15 received data by a method based on the results of 
j udgment . 

[Elected Drawing] Fig. 2 
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[Name of the Document] Drawings 
Fig- 1 
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Fig. 2 
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205 Server computer 

206 Client computer 

Fig. 3 
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Fig- 4 
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Fig. 5 
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Fig. 6 
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Fig- 9 
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Fig. 10 
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Fig- 11 

5501 Start 

5502 Incoming call? 

5503 Pre-communication 

5504 Reception 

5505 End? 

5506 Confidential? 

5507 Public key exists? 

5508 Encrypt received image 

5509 Transfer e-mail attached with encrypted received image 

55 10 Store received image into memory box 

55 1 1 Notify reception to transfer destination 

5512 Transfer e-mail with received image 
SI 201 Within effective period? 

ItT End 

Fig. 12 
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